Gas refunds are provided when clearing storage or calling SELFDESTRUCT on contracts.

The Yellow Paper mentions that refunds are "being capped up to a maximum of half...". What exactly is this "half" and the other components that sum up to a refund? Preferred answer will explain with a specific example (since the Yellow Paper has the definitions).

Also, what attacks would have been possible if refunds were not limited? (Or should this be a separate question?)

3 Answers
3

SELFDESTRUCT refunds 24.000 and SSTORE clear refunds 15.000 gas. The accumulated refund can not exceed half the gas used for the current context (i.e. the initial call).

Let's take the following example:

Current state of the contract's storage

0x00: 1
0x01: 1

And the following execution

PUSH 0
PUSH 0
SSTORE ; set contents of address 0x0 to 0 (i.e. delete)

This would result in the following gas sum 21000 + 3 + 3 + 5000 (tx_gas + push_gas + push_gas + sstore_clear_gas). The total amount of which may be refunded is therefor gas_sum / 2 (13.003). The amount refunded is 15.000 but since this clearly exceeds the maximum of 13.003 we cap it to that amount.

And the reason why we cap this is so that the miner does not end up paying for the actual execution of the contract :-)

EDIT:

If the refunds weren't capped we would run in to 2 issues:

It disincentives running any contracts that refund;

Miners may end up paying for the execution.

It would be disincentive to run these type of transactions if they weren't capped because at the end of the execution the refund is reduced from the amount that which a miner gets (i.e. gasUsed * tx.price). Capping at say the gasUsed would render the execution useless to the miner (it doesn't get rewarded for running the contract). This brings us to the second point; having a higher refund than the gas used would therefor end up in a negative gas usage and would therefor have to be reduced from the miner's balance. No miner in their right mind is going to pay you for execution your call.

In other words, if I understand correctly, you don't want people to create a bunch of contracts during quiet times with low gas price and then suicide() them during an ICO with high gas prices.
– Sjors ProvoostAug 22 '17 at 16:58

This is a great explanation and it'd be really useful to have it in the yellow paper!
– Paul BergJan 5 at 19:06

@JeffreyW. wrong Answer! Used gas and remaining gas are 2 differents things. Used gas increase each times an Instrcution is executed, thereby (and unlike some explorers are suggesting), refunding doesn t decrease miner rewards. But it s worse than that: the person who launched the transaction would still get more ether than what was paid in gas: they would be genereted out of nothing resulting in inflation! This is clearer when you read the source code from officials implementations than the yellow paper.
– user2284570Jul 24 at 11:24

Indeed. This would destroy the security of .send and .transfer if gas refund was provided as it was burned, as the receiving contract could use its gas stores to reenter into the calling function and change its state.
– Nicholas PipitoneNov 16 '18 at 0:18